Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/IPeiMehm6QECFC52RY0apIXHDNU.roa
File:                     IPeiMehm6QECFC52RY0apIXHDNU.roa (raw, json)
Hash identifier:          8ANVC/sDEWhLrwoJ9ZsQK2bdvdAuXXAuDwW/JPfEUMw=
Subject key identifier:   20:F7:A2:31:E8:66:E9:01:02:14:2E:76:45:8D:1A:A4:85:C7:0C:D5
Certificate issuer:       /CN=f4d08a1e1cbc909254e9e6b9c939fd85a268b1e1
Certificate serial:       019C0675347134857AE8F0AA8594A1F9E518
Authority key identifier: F4:D0:8A:1E:1C:BC:90:92:54:E9:E6:B9:C9:39:FD:85:A2:68:B1:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9NCKHhy8kJJU6ea5yTn9haJoseE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/IPeiMehm6QECFC52RY0apIXHDNU.roa
Signing time:             Wed 28 Jan 2026 21:14:30 +0000
ROA not before:           Wed 28 Jan 2026 21:14:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     22295
IP address blocks:        193.160.32.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/9NCKHhy8kJJU6ea5yTn9haJoseE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/9NCKHhy8kJJU6ea5yTn9haJoseE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9NCKHhy8kJJU6ea5yTn9haJoseE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 12:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:06:75:34:71:34:85:7a:e8:f0:aa:85:94:a1:f9:e5:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4d08a1e1cbc909254e9e6b9c939fd85a268b1e1
        Validity
            Not Before: Jan 28 21:14:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=20f7a231e866e90102142e76458d1aa485c70cd5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:98:c4:be:fe:1b:b9:28:f9:c4:51:cd:2e:26:
                    a8:d3:be:d2:d9:ea:a1:47:d9:42:96:3e:12:6a:4f:
                    30:4a:12:6c:26:d6:f0:72:80:c4:fb:d0:75:07:d1:
                    dd:e1:19:88:27:c9:13:1e:42:4f:64:cd:3b:ca:cd:
                    cb:a4:61:54:e8:d1:e0:3a:de:00:cc:c4:38:4b:27:
                    cd:91:bf:05:cf:92:1c:94:7b:95:3e:16:80:c5:51:
                    ba:0c:fc:ce:10:ad:8a:0b:3e:d0:6a:8f:fa:82:6a:
                    10:51:af:63:66:b6:92:13:16:e3:8f:7d:6d:ec:95:
                    84:3b:30:29:55:2c:25:95:c5:fb:01:00:86:35:9e:
                    61:fa:ea:28:fd:02:05:37:e2:d1:36:03:c4:40:8b:
                    ee:25:a3:af:83:03:f2:8e:d0:70:bc:db:0d:02:8e:
                    97:4d:0e:44:37:a2:89:84:95:0c:18:e2:bf:0b:95:
                    f6:7d:74:5e:56:aa:15:a1:32:37:35:04:6e:e6:0b:
                    d6:68:98:a9:8f:4f:54:95:d0:93:bd:cc:2c:7e:9a:
                    37:95:f3:88:e0:1f:e0:87:ef:28:94:03:d5:ae:d7:
                    8f:9f:7c:a9:a5:49:12:55:7f:60:b6:ab:87:13:42:
                    22:a4:d1:98:b3:73:71:a0:9c:27:70:76:93:90:5f:
                    ee:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:F7:A2:31:E8:66:E9:01:02:14:2E:76:45:8D:1A:A4:85:C7:0C:D5
            X509v3 Authority Key Identifier:
                keyid:F4:D0:8A:1E:1C:BC:90:92:54:E9:E6:B9:C9:39:FD:85:A2:68:B1:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9NCKHhy8kJJU6ea5yTn9haJoseE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/IPeiMehm6QECFC52RY0apIXHDNU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/649fdc-0d3a-41ec-a1ce-dce947e294b6/1/9NCKHhy8kJJU6ea5yTn9haJoseE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.160.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:c3:fd:41:6a:b5:54:54:23:f7:00:ce:3b:4d:14:88:8a:29:
         e9:bd:47:53:e8:65:5b:66:39:7f:4d:98:54:53:02:74:8f:74:
         8f:48:8b:b1:12:61:ba:b9:1d:78:35:18:c7:b0:dc:cb:26:73:
         2b:4e:c1:4a:8e:04:fe:55:8a:d2:ad:7d:0f:97:2c:e1:07:dc:
         31:bd:ba:88:82:a3:bf:d4:cb:fb:2c:cc:1d:30:a8:2b:94:88:
         01:5b:68:5a:91:a8:65:f2:a9:57:ac:5f:79:41:69:61:6f:2a:
         44:26:9f:96:d5:31:6d:3a:92:d9:37:9a:6f:b1:cb:55:8d:5c:
         ca:9f:ff:a2:41:a0:3a:78:a7:74:b5:2a:6b:af:66:ca:e8:00:
         c0:54:d2:cd:3d:6f:00:2d:4a:2a:5f:10:35:18:cd:a6:a5:b7:
         ca:48:49:9d:56:e2:5d:ab:e9:96:15:91:4f:33:5b:9b:45:50:
         f2:ae:db:52:3c:24:82:2b:d2:84:21:c0:ff:b5:cf:85:57:96:
         a0:f8:1d:6d:eb:0f:d7:93:d8:ae:66:83:3d:e9:b3:f3:55:e3:
         4e:44:37:64:b8:88:8b:c2:91:ec:a4:c2:71:a1:fc:a6:a3:05:
         b6:fa:0b:ce:98:09:f1:03:16:f1:49:6e:e4:9b:4c:0e:15:b9:
         d3:99:09:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwGdTRxNIV66PCqhZSh+eUYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0ZDA4YTFlMWNiYzkwOTI1NGU5ZTZiOWM5MzlmZDg1YTI2
OGIxZTEwHhcNMjYwMTI4MjExNDMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGY3YTIzMWU4NjZlOTAxMDIxNDJlNzY0NThkMWFhNDg1YzcwY2Q1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvZjEvv4buSj5xFHNLiao077S2eqh
R9lClj4Sak8wShJsJtbwcoDE+9B1B9Hd4RmIJ8kTHkJPZM07ys3LpGFU6NHgOt4A
zMQ4SyfNkb8Fz5IclHuVPhaAxVG6DPzOEK2KCz7Qao/6gmoQUa9jZraSExbjj31t
7JWEOzApVSwllcX7AQCGNZ5h+uoo/QIFN+LRNgPEQIvuJaOvgwPyjtBwvNsNAo6X
TQ5EN6KJhJUMGOK/C5X2fXReVqoVoTI3NQRu5gvWaJipj09UldCTvcwsfpo3lfOI
4B/gh+8olAPVrtePn3yppUkSVX9gtquHE0IipNGYs3NxoJwncHaTkF/u3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCD3ojHoZukBAhQudkWNGqSFxwzVMB8GA1UdIwQY
MBaAFPTQih4cvJCSVOnmuck5/YWiaLHhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOU5DS0hoeThrSkpVNmVhNXlUbjloYUpvc2VFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NDlmZGMtMGQzYS00MWVjLWExY2Ut
ZGNlOTQ3ZTI5NGI2LzEvSVBlaU1laG02UUVDRkM1MlJZMGFwSVhIRE5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NDlmZGMtMGQzYS00MWVjLWExY2UtZGNlOTQ3ZTI5NGI2
LzEvOU5DS0hoeThrSkpVNmVhNXlUbjloYUpvc2VFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaAgMA0G
CSqGSIb3DQEBCwUAA4IBAQACw/1BarVUVCP3AM47TRSIiinpvUdT6GVbZjl/TZhU
UwJ0j3SPSIuxEmG6uR14NRjHsNzLJnMrTsFKjgT+VYrSrX0PlyzhB9wxvbqIgqO/
1Mv7LMwdMKgrlIgBW2hakahl8qlXrF95QWlhbypEJp+W1TFtOpLZN5pvsctVjVzK
n/+iQaA6eKd0tSprr2bK6ADAVNLNPW8ALUoqXxA1GM2mpbfKSEmdVuJdq+mWFZFP
M1ubRVDyrttSPCSCK9KEIcD/tc+FV5ag+B1t6w/Xk9iuZoM96bPzVeNORDdkuIiL
wpHspMJxofymowW2+gvOmAnxAxbxSW7km0wOFbnTmQlu
-----END CERTIFICATE-----